Unpatched Python Library Affects More Than 300,000 Open-Source Projects

Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The researchers believe it could be used against organizations at scale, which could lead to attacks as serious as the one that hit SolarWinds two years ago.